Release Notes
- Release notes for version 2.7.3
- Release notes for version 2.7.2
- Release notes for version 2.7.1
- Release notes for version 2.7.0
- Release notes for version 2.6.0
- Release notes for version 2.5.2
- Release notes for version 2.5.1
- Release notes for version 2.5.0
- Release notes for version 2.5.D1
- Release notes for version 2.4.1
- Release notes for version 2.4.0
- Other points of interest
Release notes for Xalan-Java 2.7.3
Xalan-Java 2.7.3 was released in April 2023.
Java 8 requirement
This XalanJ release, requires users to use Java minimum version 8 for working with XalanJ.
Fix for CVE-2022-34169 An integer truncation issue when processing malicious XSLT stylesheets
This issue was fixed within XalanJ's XSLTC processor. This XalanJ issue, when present causes following problems: Malicious XSLT stylesheets may be written, which could result in XalanJ invalid translet Java byte code to be produced by XalanJ XSLTC processor. The XalanJ translet is a Java byte code compiled representation, of an XSLT transformation.
Upgrade to Apache Commons BCEL 6.7.0
This XalanJ release, contains upgraded version of Apache Commons BCEL library. [Gary Gregory]
Enhancements for, performing XalanJ build and running of XalanJ tests from source distribution
The XalanJ users, can now make XalanJ builds and perform XalanJ tests from the XalanJ source distribution. The XalanJ build scripts for the implementation and the tests, both for the Windows and Linux platforms, were enhanced to support building XalanJ with JDK 1.8. [Gary Gregory, Joseph Kessselman, Mukul Gandhi]
Upgrade to Xerces-J 2.12.2
This XalanJ release, contains upgraded versions of xercesImpl.jar
and xml-apis.jar (Xerces-J 2.12.2).
XALANJ Jira bug fixes
2638, 2623, 2607, 2601, 2600, 2584, 2346
Release notes for Xalan-Java 2.7.2
Xalan-Java 2.7.2 was released in April 2014.
Fix for CVE-2014-0107 insufficient secure processing
When using FEATURE_SECURE_PROCESSING ("http://javax.xml.XMLConstants/feature/secure-processing") on a TransformerFactory, the output properties:
- {http://xml.apache.org/xalan}content-handler
- {http://xml.apache.org/xalan}entities
- {http://xml.apache.org/xslt}content-handler
- {http://xml.apache.org/xslt}entities
should be ignored (see http://xml.apache.org/xalan-j/usagepatterns.html#outputprops)
These properties can be used to load an arbitrary class or access an arbitrary URL/resource so are problematic when secure processing is desired.
<xsl:output xalan:content-handler="org.example.BadClass" ...
<xsl:output xalan:entities="http://example.org/reallyLargeFile.bin" ...
These features could be used to load a class that had undesirable side-effects or to load a large file and exhaust memory, etc.
See XALANJ-2435.
Upgrade to Xerces-J 2.11.0 and XML Commons External 1.4.01
The distributions contain upgraded versions ofxercesImpl.jar
(Xerces-J 2.11.0) and xml-apis.jar (XML Commons External 1.4.01).
XALANJ Jira bug fixes
XALANJ Jira bug fixes: 2435, 2580, 2546, 2581, 2582, 2583, 2473, 2495, 2493, 2424, 2446, 2447
You can also view the list in Jira
Release notes for Xalan-Java 2.7.1
Xalan-Java 2.7.1 was released in August 2007.
The serializer now has support for DOM Level 3 serialization
(LSSerializer)
for an XML parser. These changes are seen in the new class
org.apache.xml.serializer.DOM3Serializer
and the new package
org.apache.xml.serializer.dom3
as well as a new method,
asDOM3Serializer() on the older
org.apache.xml.serializer.Serializer
interface.
More details are in the javadoc of those classes and interfaces.
The distributions contain upgraded versions of xercesImpl.jar
(Xerces-J 2.9.0) and xml-apis.jar (XML Commons External 1.3.04).
The distributions were tested with these versions of Xerces-J
and XML Commons External and are the recommended versions to use with
the release.
Important: You may experience unpredictable anomalies if your Xalan-Java and Xerces-Java builds are not in synch.
Xalan-Java 2.7.1 contains the following functional enhancements, performance enhancements and bug fixes since 2.7.0:
- XALANJ Jira bug fixes: 611, 1243, 1324, 1434, 1497, 1706, 1753, 1774, 2061, 2091, 2108, 2159, 2184, 2196, 2199, 2204, 2205, 2206, 2208, 2209, 2210, 2217, 2218, 2219, 2220, 2221, 2222, 2224, 2219, 2230, 2236, 2240, 2249, 2268, 2269, 2271, 2275, 2276, 2277, 2278, 2279, 2281, 2283, 2284, 2285, 2286, 2290, 2292, 2293, 2294, 2295, 2297, 2298, 2307, 2312, 2316, 2317, 2318, 2319, 2321, 2323, 2324, 2329, 2336, 2337, 2339, 2341, 2342, 2343, 2375, 2377, 2384, 2395
Release notes for Xalan-Java 2.7.0
Xalan-Java 2.7.0 was released on August 8, 2005.
Xalan-Java 2.7.0 contains the following functional enhancements, performance enhancements and bug fixes since 2.6.0.
Support for JAXP 1.3
Support for JAXP 1.3 has been introduced in this release of Xalan-Java. JAXP 1.3 includes a new javax.xml.xpath package, which provides an object-model neutral API for the evaluation of XPath expressions and access to the evaluation environment. Please refer to Using the JAXP 1.3 XPath API for details on how to use the new XPath API. You can also look at the code in the samples ApplyXPathJAXP , XPathResolver and ExtensionFunctionResolver.
There are also a few new transformer features
in JAXP 1.3, as described in the following list:
New default error handling behavior
The behavior of the default ErrorListener was changed in this release of Xalan-Java, in order to conform with a clarification of the required behavior described by JAXP 1.3. If an application does not register its own ErrorListener, the default ErrorListener is used which reports all warnings and errors to System.err and does not throw any Exceptions. Applications are strongly encouraged to register and use ErrorListeners that insure proper behavior for warnings and errors. The default ErrorListener of the old Xalan-Java Interpretive processor throws exceptions on errors and fatal errors. If your code expects exceptions to be thrown on errors and fatal errors, you have to set a customized ErrorListener on TransformerFactory and/or Transformer. You can use org.apache.xml.utils.DefaultErrorHandler as a sample ErrorListener implementation.Support for XML 1.1
This release of Xalan-Java adds support for Namespaces in XML 1.1 and XML 1.1 output documents.
The processors:
The processors do not undeclare namespaces other than the default namespace in serialized documents Also, Full normalization is not supported.
An input document can be either XML 1.0 or XML 1.1. Also, a stylesheet document can be either XML 1.0 or XML 1.1. A stylesheet document must conform to the XSLT 1.0 specifications.
Note that it is possible for a stylesheet module that is an XML 1.1 document to use constructs that cannot be serialized as part of a valid XML 1.0 document, and for a stylesheet module that is an XML 1.0 document to use constructs that cannot be serialized as part of a valid XML 1.1 document. For example, a stylesheet module that is an XML 1.1 document might contain a literal result element whose name contains characters that are not permitted as part of a QName in a document that conforms to Namespaces for XML 1.0. The user needs to ensure that the nodes created by the stylesheet can be serialized as part of a well-formed document of the required version of XML.
Support for Alternative BSF Implementations
Extensions written in Java are directly supported by Xalan-Java. For extensions written in languages other than
Java, Xalan-Java uses the Bean Scripting Framework (BSF), an architecture for incorporating scripting into Java
applications and applets, and an implementation of BSF must be available on the classpath. In previous
releases, IBM's BSF implementation (bsf.jar from 2001) has been included in the Xalan-Java distribution.
Some time ago IBM donated their BSF implementation to the
Apache Jakarta BSF project. As of this release,
the IBM bsf.jar is no longer included in the Xalan-Java distribution. To use extensions written in
languages other than Java, please download a version of Jakarta BSF and put it on your classpath. To use
a different BSF implementation, please refer to setting the BSFManager.
New serializer.jar
In this release of Xalan-Java the code related to serialization of output result trees has been pulled out of
xalan.jar and moved into a new jar file, named serializer.jar.
The code in serializer.jar has been modified to have no build or runtime dependencies on the rest of the
code in Xalan-Java, therefore, serializer.jar can be used in a stand-alone fashion through its public APIs.
Although the code has been modified to create a stand-alone jar, the serializer public APIs have not changed
and the package names and classnames are the same as they were last release.
Also the following:
- Updates to the SQL extension and SQL samples to support the Apache Derby database.
- Minor restructuring of the source and binary distributions.
- Various performance fixes.
- Various memory leak fixes.
- Upgrade to Xerces-J (2.7.1) and a new version of xml-commons (xml-commons-external-1.3.02).
- Bugzilla fixes: 15333, 27417, 27516, 27522, 27539, 27932, 28082, 28435, 28622, 28796, 28879, 29120, 29234, 29372, 29411, 29655, 29706, 30056, 30142, 30262, 30301, 30658
- XALANJ Jira bug fixes: 936, 1186, 1368, 1417, 1427, 1431, 1478, 1526, 1550, 1556, 1592, 1640, 1662, 1705, 1708, 1761, 1810, 1811, 1812, 1822, 1824, 1852, 1853, 1886, 1887, 1888, 1891, 1908, 1912, 1924, 1925, 1937, 1938, 1942, 1955, 1966, 1967, 1977, 1978, 1979, 1985, 1990, 1994, 1999, 2003, 2008, 2013, 2015, 2021, 2023, 2026, 2037, 2051, 2054, 2058, 2059, 2068, 2070, 2074, 2076, 2077, 2079, 2081, 2085, 2086, 2087, 2089, 2093, 2095, 2097, 2099, 2103, 2105, 2109, 2113, 2114, 2116, 2121, 2123, 2124, 2126, 2134, 2136, 2140, 2142, 2143, 2144, 2146, 2154, 2161, 2167, 2170, 2176, 2183
- For a list of Xalan-Java commits, see xalan-cvs@xml.apache.org in the Apache mail archives.
Release notes for Xalan-Java 2.6.0
Xalan-Java 2.6.0 was released on February 29, 2004 (a leap year!).
Xalan-Java 2.6.0 contains the following functional enhancements, performance enhancements and bug fixes since 2.5.2:
- Improvement in translet initialization time.
- Addition of a translet versioning mechanism. If the translet version detected by the XSLTC runtime is more recent than any supported by the XSLTC runtime, an error will be reported.
- Changes that allow XSLTC to use other DTM implementations.
- Release notes for the XML Serializer. The serializer will no longer put a newline after the xml header tag unless indent="yes". See bugzilla 24304.
- Rename of Xalan Java's xalan:doc-cache-off processing instruction to xalan-doc-cache-off. This change was necessary due to a recent change in Xerces. Xerces has started detecting the Namespace well-formedness rule that a processing instruction's PITarget must not contain a colon. The old-style PI (xalan:doc-cache-off) will be accepted provided that the XML parser does not report it as an error. See bugzilla 26217.
- Enhancement to XSLTC's URIResolvers and the general mechanism to resolve relative URIs. XSLTC is now compatible with Xalan Intepretive.
- Addition of a TransformThread sample that demonstrates how to use different transformers on different threads and in different modes.
- Upgrade to Xerces-J (2.6.2) and a new version of xml-commons (xml-commons-external-1.2.01)
- Elimination of "enum" as a name to allow compilation under JDK 1.5
- Bugzilla fixes: 797, 1396, 5761, 15140, 16889, 18351, 19194, 19464, 22376, 23046, 23591, 24278, 24111, 24187, 24188, 24302, 24304, 24365, 24414, 24518, 24695, 24728, 24788, 24793, 24958, 24979, 24985, 24988, 25368, 25416, 25442, 25449, 25816, 25924, 26019, 26030, 26075, 26169, 26217, 26697, 26742, 26829, 26842
- For a list of Xalan-Java commits, see xalan-cvs@xml.apache.org in the Apache mail archives.
Release notes for Xalan-Java 2.5.2
Xalan-Java 2.5.2 was released on October 30, 2003.
Xalan-Java 2.5.2 contains bug fixes and performance enhancements since 2.5.1.
Fixes in this release include the following:
- 782, 788, 789, 795, 890, 3415, 5133, 5972, 6155, 7205, 7408, 10900, 11414, 12441, 13082, 14149, 14607, 15090, 15327, 15700, 15828, 15901, 16311, 16512, 16675, 17630, 18821, 18907, 19297, 19591, 19770, 19823, 19890, 19918, 19972, 19973, 20074, 20114, 20256, 20537, 20572, 20625, 20685, 20795, 20819, 20832, 20841, 20909, 20913, 20920, 21039, 21048, 21087, 21300, 21309, 21449, 21452, 21471, 21478, 21491, 21697, 21713, 21805, 21893, 22025, 22115, 22167, 22342, 22422, 22438, 22623, 22769, 22777, 22808, 22880, 23200, 23113, 23115, 23271, 23418, 23706, 23812, 23896, 23983, 24013, 24025
- For a list of Xalan-Java commits, see xalan-cvs@xml.apache.org in the Apache mail archives.
Release notes for Xalan-Java 2.5.1
Xalan-Java 2.5.1 was released on June 3, 2003.
Xalan-Java 2.5.1 contains bug fixes and performance enhancements since 2.5.0.
Fixes in this release include the following:
- 15200, 18585, 18926, 19029, 19388, 19471, 19474, 19522, 19640, 19900, 19960, 20237, 20273
- For a list of Xalan-Java commits, see xalan-cvs@xml.apache.org in the Apache mail archives.
Release notes for Xalan-Java 2.5.0
Xalan-Java 2.5.0 was released on April 16,2003.
Xalan-Java 2.5.0 contains a variety of features, bug fixes and performance enhancements since 2.5.D1.
New features in Xalan-Java 2.5.0 include:
- integration of the Document Table Model (DTM) with the XSLTC processor [Henry Zongaro, Morris Kwan] and
- integration of the Xalan Interpretive and Xalan Compiled serializers into a common serializer [Brian Minchau].
Refer to What's New for a description of the new function and History of software changes for a list of the various bug fixes and other enhancements in this release.
Release notes for Xalan-Java 2.5.D1
Xalan-Java 2.5.D1 was released on March 3, 2003.
This developer's release, Xalan-Java 2.5.D1, has changes since 2.4.1 and is primarily for the purpose of releasing various bug fixes to the community. These will eventually be released officially in a future Xalan-Java 2.5 version, along with some new function.
Fixes in this release include the following:
- 4858, 5140, 6075, 6157, 10053, 10626, 12481, 13414, 13651, 13774, 13775, 13977, 14112, 14148, 14157, 14178, 14229, 14236, 14237, 14241, 14244, 14300, 14322, 14324, 14365, 14368, 14406, 14578, 14753, 14856, 14862, 14965, 15074, 15094, 15218, 15254, 15373, 15586, 16745, 17030, 17136
- Support for and bundling of Xerces Java 2.3.
- Support for and bundling of
xml-apis.jarfrom the tck-jaxp-1_2_0 branch of xml-commons. This version of the Java APIs for XML Processing successfully passes the JAXP 1.1 and JAXP 1.2 TCKs. - For a list of Xalan-Java commits, see xalan-cvs@xml.apache.org in the Apache mail archives.
Release notes for Xalan-Java 2.4.1
Xalan-Java 2.4.1 was released on October 31, 2002 (Halloween!).
- Performance fixes and enhancements to address the degradation of performance between Xalan-Java version 2.3.1 and Xalan-Java 2.4.0.
- A prototype implementation of the DOM Level 3 XPath Specification. The implementation is considered 'experimental' at this time due to the status of the specification. See the new sample, ApplyXPathDOM for an example of how to use this API.
- Extension changes and enhancements:
- Implement canonical namespaces for all Xalan extensions. All extensions
now use namespaces starting with
http://xml.apache.org/xalan. The old namespaces are still supported for backward compatibility. See the updated extensions documentation for details. - Added new EXSLT extension functions, including the EXSLT dynamic extension functions max, min, sum, map, evaluate and closure, the EXSLT strings extension functions align, concat, padding, split and tokenize, and some new extension functions in the math module.
- Reorganized the extension functions for new EXSLT extensions. The implementation of some extension functions (intersection, difference, distinct, evaluate and tokenize) are moved from the main Extensions class to the corresponding EXSLT modules.
- Enable the EXSLT extensions for XSLTC. The EXSLT common, math, sets, dates-and-times and strings modules can be used in XSLTC.
- Integration of the nodeset and redirect extension for XSLTC. You can now use Xalan namespaces for these extensions in XSLTC.
- Enhancement in Java extenion for XSLTC. Three namespace formats (Java, package and class) can all be used in XSLTC. More type conversion rules are added as well.
- Enable support for invoking transformations using the Xalan compiler (XSLTC) via the Xalan interpretive Process command line. Specifically, the -XSLTC option was added. The -TT, -TG, -TS, -TTC, -QC, -L, -INCREMENTAL, -NOOPTIMIZE and -RL option do not work in XSLTC mode. All other existing options can be used with -XSLTC. Additional options were added to enable XSLTC compile and transform modes: -XO, -XD, -XJ, -XP, -XN, -XX, -XT. See the Process usage statement for more information on these options.
- Fixed SQL Extension problem where a query that returned zero rows would incorrectly return a JDBC exception.
- Fixed a limitation for XPath expressions. The token queue and operations map can now grow to accomodate really large XPath expressions.
- Fixes for the following bugzilla defects: 4344, 5046, 6181, 6927, 7161, 7357, 8175, 8473, 8939, 9731, 9959, 10176, 10384, 10414, 10643, 11073, 11341, 11661, 11743, 11809, 12077, 12127, 12298, 12687, 13059, 13303, 13305, 13106, 13501, 13711, 13754, 13863, 13944, 14022
- Support for and bundling of Xerces Java 2.2.
- Support for and bundling of
xml-apis.jarfrom the factoryfinder-build of the RIVERCOURT1 branch of xml-commons. This version of the Java APIs for XML Processing successfully passes the JAXP 1.1 and JAXP 1.2 TCKs. - For a list of Xalan-Java commits, see xalan-cvs@xml.apache.org in the Apache mail archives.
- Support building Xalan with JDK 1.4.
Release notes for Xalan-Java 2.4.0
Xalan-Java 2.4.0 was released on September 3, 2002.
- Fixes for the following bugzilla defects : 3238, 4603, 5013, 5016, 5941, 6071, 6268, 6284, 6356, 6547, 6798, 6833, 6925, 6972, 7023, 7118, 7123, 7157, 7410, 7776, 8324, 8358, 8551, 8894, 9068, 9137, 9146, 9171, 9174, 9179, 9572, 9575, 9683, 9753, 10137, 10306, 10323, 10625, 10715, 10832, 10837, 10839, 10914, 10945, 11123, 11166, 11221, 11345, 11704, 11987, 11828, 12075 .
- Xalan-Java now uses a list of supported encodings in a properties file (org.apache.xml.serializer.Encodings.properties). Fixes Bugzilla 6356. Patch from Sergey Ushakov.
- Support for the EXSLT function and result elements, and EXSLT date-and-time functions.
- Improvements to the extensions mechanism to more efficiently handle the detection and analysis of extensions during the stylesheet "composition" process, and the generation of the required extension handlers during initialization of the transformation process.
- Performance improvement. Instead of looping through the ExtendedType objects, use a hashtable and go directly to the correct object.
- Separation of source and messages. Messages have been moved into property files for easier localization.
- XSLTC version upgraded from 1.0 to 1.2.
- Support for and bundling of Xerces Java 2.1.
- Support for and bundling of
xml-apis.jarfrom the RIVERCOURT1 branch of xml-commons. This version of the Java APIs for XML Processing successfully passes the JAXP 1.1 and JAXP 1.2 TCKs. - For a list of Xalan-Java commits, see xalan-cvs@xml.apache.org in the Apache mail archives.
Other points of interest
- Xalan Java 2 is integrated with release 2 of Xerces-Java. Xalan-Java Version 2.7.2 does not include support for the deprecated Xalan-Java 1 compatability API.
The Xalan-Java 1 compatability code does NOT compile with Xerces-Java 2.
- The SQL extension samples continue to use InstantDB, but based on our realization of changes
that have occurred in the licensing of InstantDB, we no longer include InstantDB and the associated sample database with our distibution.
We do, however, provide information on how to set up InstantDB to support our SQL
extension samples.
- Documentation updates: We have subdivided the release notes into multiple files to accelerate HTML document loading, and we have added a
document on Transform features.
- If an attempt is made to coerce a different namespace onto a prefix already in use in xsl:attribute, the attribute will come out
in the wrong namespace. Workaround: either provide an NCName instead of a QName for the attribute, or provide a QName with a prefix not
used elsewhere.
- Handling xsl:namespace-alias declarations: In release 2.0.D01, we reported the need to do some research concerning exactly how Xalan
should handle xsl:namespace-alias declarations. As a result of discussions among members of the W3C Working Group on XSL, we have reached a
more precise consensus on how namespaces should be represented when an xsl:namespace-alias declaration is in effect.
If a literal result element has a namespace prefix, the prefix will be preserved and the namespace URI of the element will be as specified in the xsl:namespace-alias element, but the result-prefix is not required to appear in the result. This also applies to the two other cases of "Literal namespace URI" mentioned in the XSLT Recommendation on Literal Result Elements. More simply, if the stylesheet calls for <axsl:foo> to be output as a literal result element, then it will be output as <axsl:foo> in the result, but the namespace associated with this "axsl" prefix will be as designated in the xsl:namespace-alias declaration.
- For HTML output, Xalan-Java 2 outputs character entity references (© etc.) for the special characters designated in
Appendix A. DTDs of the XHTML 1.0: The Extensible HyperText Markup
Language. Xalan-Java 1.x, on the other hand, outputs literal characters for some of these special characters.
- In conformance with the XSLT Recommendation on the HTML
Output Method and Section B.2.1 of the HTML 4.0
Recommendation, Xalan-Java 2 uses %hh encoding for each byte of the UTF-8 representation of non-ASCII characters in HTML URI
attributes.
- When your stylesheet asks for an explicit carriage-return character ( ) to be inserted into the output, it is output during
the serialization process in escaped form unless escaping has been disabled. When your stylesheet asks for an explicit line-feed character
( ) to be output, the system-default line-break character(s) is/are output during the serialization process. Also keep in mind that
the XML parser normalizes line-breaks to line-feeds when it sends character events to the processor.
- If your XML input is a DOM, use the javax.xml.parsers.DocumentBuilderFactory setCoalescing() method to set coalescing to true (it is
false by default), if you want to append CDATA sections to adjacent text sections to form a single text node (as the XPath standard calls
for), and if the XML parser supports this feature (Xerces-Java 2.11.0 does not).
- When you traverse the namespace axis for a collection of element nodes, Xalan-Java includes one namespace node for each namespace in scope
for one or more of the nodes in that collection. The XPath expression does not return additional (redundant) namespace nodes for each element
for which the namespace nodes are in scope.
- See Bugzilla bug 2291 for a discussion of issues surrounding
use of the default character encoding to read META-INF/Services.
- As Bugzilla bug 1800 reports, the Transformer does not get the setTransformState event until after the startDocument event. This could present a problem for tools developers, and we do intend to fix this bug.